TLS is a security protocol that specifies the use of public key certificates to verify identity and encrypt request and response messages.

Note: Transport Layer Security (TLS) is the successor to Secure Sockets Layer (SSL).

HTTPS is a combination of HTTP and TLS. When a client application needs to make a request over HTTPS, it initiates communication by requesting the public key certificate of the server. The certificate is typically signed by a certificate authority and contains a public key. The client application verifies the certificate and then uses the public key to encrypt request messages.

An ABL HTTP client can make requests to HTTPS URLs as long as the root certificate of the server is installed in the OpenEdge certificate store. The HTTP client does not automatically install root certificates.

To retrieve the root certificate for a site, use a browser to navigate to the URL. Modern browsers indicate a TLS connection with a padlock or a similar icon. This icon is usually clickable and provides a way to inspect and export the certificates for that site. Make sure you export all of the certificates for the site and import them into the OpenEdge certificate store.

To learn more about importing certificates, see Manage OpenEdge Keys and Certificates.

Note that while the HTTP client can verify the certificate of a server, it does not support sending client certificates to the server (also known as two-way or mutual authentication).

Turn off host verification

If HTTPS is used as the communication protocol, the HTTP client verifies the TLS certificate of the server by default. However, based on your needs, you may want to turn off this verification. To turn off host verification, create a custom ClientLibrary and set the sslVerifyHost property to NO. For example:

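        USING OpenEdge.Net.HTTP.ClientBuilder.
        USING OpenEdge.Net.HTTP.IHttpClient.
        USING OpenEdge.Net.HTTP.IHttpClientLibrary.
        USING OpenEdge.Net.HTTP.Lib.ClientLibraryBuilder.

        DEFINE VARIABLE oLib        AS IHttpClientLibrary NO-UNDO.
        DEFINE VARIABLE oHttpClient AS IHttpClient        NO-UNDO.

        /* Build a client library with host verification turned off */
        oLib = ClientLibraryBuilder:Build():sslVerifyHost(NO):Library.
        oHttpClient = ClientBuilder:Build():UsingLibrary(oLib):Client.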

Set TLS ciphers and protocols

An HTTP client begins communication with a server application over HTTPS by negotiating security settings. This includes the selection of a cipher suite — a set of algorithms that determine how keys are exchanged and how messages are encrypted.
If you need to specify TLS ciphers and protocols in your ABL HTTP client, create a custom ClientLibrary and use the SetSSLProtocols() and SetSSLCiphers() methods as shown in the following example.

        USING OpenEdge.Net.HTTP.IHttpClient.
        USING OpenEdge.Net.HTTP.IHttpClientLibrary.
        USING OpenEdge.Net.HTTP.ClientBuilder.
        USING OpenEdge.Net.HTTP.Lib.ClientLibraryBuilder.

        /* *************************** Main Block *************************** */
        DEFINE VARIABLE oLib AS IHttpClientLibrary NO-UNDO.
        DEFINE VARIABLE oClient AS IHttpClient NO-UNDO.
        DEFINE VARIABLE cSSLProtocols AS CHARACTER EXTENT NO-UNDO.
        DEFINE VARIABLE cSSLCiphers AS CHARACTER EXTENT NO-UNDO.

        // the size and values of the TLS protocols and ciphers depend on the server
        EXTENT(cSSLProtocols) = 2.
        EXTENT(cSSLCiphers) = 10.

        ASSIGN cSSLProtocols[1] = 'TLSv1.2'
               cSSLProtocols[2] = 'TLSv1.1'
               cSSLCiphers[1] = 'AES128-SHA256'
               cSSLCiphers[2] = 'DHE-RSA-AES128-SHA256'
               cSSLCiphers[3] = 'AES128-GCM-SHA256'
               cSSLCiphers[4] = 'DHE-RSA-AES128-GCM-SHA256'
               cSSLCiphers[5] = 'ADH-AES128-SHA256'
               cSSLCiphers[6] = 'ADH-AES128-GCM-SHA256'
               cSSLCiphers[7] = 'ADH-AES256-SHA256'
               cSSLCiphers[8] = 'AES256-SHA256'
               cSSLCiphers[9] = 'DHE-RSA-AES256-SHA256'
               cSSLCiphers[10] = 'AES128-SHA' .

        // build a client library restricted to the protocols and ciphers above
        oLib = ClientLibraryBuilder:Build()
            :SetSSLProtocols(cSSLProtocols)
            :SetSSLCiphers(cSSLCiphers)
            :Library.

        oClient = ClientBuilder:Build()
            :UsingLibrary(oLib)
            :Client.

For a list of supported ciphers and protocols, see Supported protocols, ciphers, and certificates for Progress OpenEdge clients and servers.
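
Protocol and cipher lists like the ones passed to SetSSLProtocols() and SetSSLCiphers() can be checked against a baseline before they are deployed. The following Python script is an added example, not Progress code: it inspects OpenSSL-style cipher names only, and its policy (drop deprecated protocols and anonymous suites, flag suites without forward secrecy or an AEAD cipher) is an assumption.

```python
# Audit OpenSSL-style lists before SetSSLProtocols()/SetSSLCiphers(); assumed policy.
# Constructed input: the lists from the ABL example on this page.
PROTOCOLS = ["TLSv1.2", "TLSv1.1"]
CIPHERS = [
    "AES128-SHA256", "DHE-RSA-AES128-SHA256", "AES128-GCM-SHA256",
    "DHE-RSA-AES128-GCM-SHA256", "ADH-AES128-SHA256", "ADH-AES128-GCM-SHA256",
    "ADH-AES256-SHA256", "AES256-SHA256", "DHE-RSA-AES256-SHA256", "AES128-SHA",
]

# Deprecated by RFC 6176 (SSLv2), RFC 7568 (SSLv3) and RFC 8996 (TLS 1.0/1.1).
DEPRECATED = {"SSLV2", "SSLV3", "TLSV1", "TLSV1.0", "TLSV1.1"}
ANON = "anonymous key exchange, server is not authenticated"
NO_FS = "no ephemeral (EC)DHE key exchange, no forward secrecy"
NO_AEAD = "not an AEAD cipher (no GCM, CCM or ChaCha20-Poly1305)"

def audit_cipher(name):
    """Return the list of findings for one OpenSSL cipher name."""
    upper = name.upper()
    if upper.startswith("TLS_"):  # TLS 1.3 names: always ephemeral and AEAD
        return []
    findings = []
    kx = upper.split("-")[0]      # key exchange is the first name component
    if kx in ("ADH", "AECDH"):
        findings.append(ANON)
    elif kx not in ("DHE", "EDH", "ECDHE"):
        findings.append(NO_FS)
    if not any(tag in upper for tag in ("GCM", "CCM", "CHACHA20")):
        findings.append(NO_AEAD)
    return findings

def audit(protocols, ciphers):
    """Split both lists into entries to keep and entries to drop."""
    report = {"keep_protocols": [], "drop_protocols": [],
              "keep_ciphers": [], "drop_ciphers": [], "findings": {}}
    for proto in protocols:
        key = "drop_protocols" if proto.upper() in DEPRECATED else "keep_protocols"
        report[key].append(proto)
    for cipher in ciphers:
        found = audit_cipher(cipher)
        report["findings"][cipher] = found
        report["drop_ciphers" if ANON in found else "keep_ciphers"].append(cipher)
    return report

if __name__ == "__main__":
    result = audit(PROTOCOLS, CIPHERS)
    for cipher, found in result["findings"].items():
        print(f"{cipher:28} {'; '.join(found) or 'ok'}")
    print("drop:", result["drop_protocols"] + result["drop_ciphers"])
```

Suites that are kept but still carry findings are candidates for removal once the server is known to support a forward-secret AEAD suite.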

API reference documentation

To view the complete list of methods that you can use in a custom Client Library, refer to the ClientLibrary documentation or see the OpenEdge.Net API Reference documentation.